Security Advisories (4)

CPANSA-libwww-perl-2017-01 (2017-11-06)

LWP::Protocol::file can open existent file from file:// scheme. However, current version of LWP uses open FILEHANDLE,EXPR and it has ability to execute arbitrary command

https://github.com/libwww-perl/libwww-perl/pull/270

CVE-2011-0633 (2011-01-20)

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

CVE-2010-2253 (2010-07-06)

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

CPANSA-libwww-perl-2001-01 (2001-03-14)

If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by the web client using the "Proxy:" header.

NAME

HTML::HeadParser - Parse <HEAD> section of a HTML document

SYNOPSIS

require HTML::HeadParser;
$p = HTML::HeadParser->new;
$p->parse($text) and  print "not finished";

$p->header('Title')          # to access <title>....</title>
$p->header('Content-Base')   # to access <base href="http://...">
$p->header('Foo')            # to access <meta http-equiv="Foo" content="...">

DESCRIPTION

The HTML::HeadParser is a specialized (and lightweight) HTML::Parser that will only parse the <HEAD>...</HEAD> section of a HTML document. The parse() and parse_file() methods will return a FALSE value as soon as a <BODY> element is found, and should not be called again after this.

The HTML::HeadParser constructor takes a HTTP::Headers object reference as argument. The parser will update this header object as the various head elements are recognized.

The following header fields are initialized from elements found in the <head> section of a HTML document:

Content-Base:: The Content-Base header is initialized from the <base href="..."> element.
Title:: The Title header is initialized from the <title>...</title> element.
Isindex:: The Isindex header will be added if there is a <isindex> element in the <head>. The header value is initialized from the prompt attribute if it is present.
X-Meta-Foo: All <meta> elements will initialize headers with the prefix "X-Meta-". If the element contains a http-equiv attribute, then it will be honored as the header name.

EXAMPLES

$h = HTTP::Headers->new;
$p = HTML::HeadParser->new($h);
$p->parse(<<EOT);
<title>Stupid example</title>
<base href="http://www.sn.no/libwww-perl/">
Normal text starts here.
EOT
undef $p;
print $h->title;   # should print "Stupid example"

COPYRIGHT

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Gisle Aas <aas@sn.no>

To install LWP, copy and paste the appropriate command in to your terminal.

cpanm

cpanm LWP

CPAN shell

perl -MCPAN -e shell
install LWP

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)